ADOBE® AIR® Administrator’s Guide Legal notices
Legal notices For legal notices, see http://help.adobe.com/en_US/legalnotices/index.html.
Last updated 5/24/2011 iii
Contents
AIR Administrator’s Guide Overview The AIR environment ...... 1 Adobe AIR installation ...... 2 Adobe AIR configuration ...... 5
Last updated 5/24/2011 1
AIR Administrator’s Guide Overview
Adobe® AIR™ is a cross-operating system runtime. With AIR installed on a computer, users can install and run AIR applications. This document is intended for IT administrators that want to install and configure Adobe AIR on network computers. AIR applications support native desktop application features, including clipboard and drag-and-drop support, local file I/O, and system notification. Operating system restrictions that apply to native applications, such as user-specific privileges, equally apply to AIR applications. For more information on security, see the Adobe AIR Security white paper.
The AIR environment
Adobe AIR must be installed for a user to install and run AIR applications. Each AIR application runs in a separate process. AIR applications are written using tools and languages used in web development, including HTML, Ajax, Flex, and Flash. Adobe AIR enables developers to use these to deploy rich Internet applications that run on the desktop.
AIR runtime files and locations Adobe AIR is installed to the following locations: • On Microsoft® Windows® —In the Program Files\Common Files\Adobe AIR directory. • On Mac® OS® —In the /Library/Frameworks/Adobe AIR.framework directory. (Also installed are the Adobe AIR Application Installer.app and Adobe AIR Uninstaller.app files, both added to the /Applications/Utilties/ directory.) • On Linux—In the /opt directory. AIR is installed as either rpm or dpkg packages, with package names: adobeairv.n and adobecerts. Installation requires a running X server. AIR registers the mime type: application/vnd.adobe.air-application-installer-package+zip. Adobe AIR is a runtime in which AIR applications run. It also includes the AIR application installer, used to install AIR applications. For information on installing and removing Adobe AIR, see “Adobe AIR installation” on page 2.
Data formats used AIR applications are deployed as AIR files (files with the .air filename extension). An AIR file is an installer file for a specific AIR application. When the user launches an AIR file (for example, by double-clicking the AIR file), the runtime opens the AIR application installer, which provides a graphical user interface for installing the application. The application installer displays the identity of the application’s developer (based on the developer’s certificate), if known. The installed AIR application is added to a subdirectory of the standard application directory (for example, a subdirectory of C:\Program Files on Windows and /Applications on Mac OS). The installed application directory includes the following: • A native executable file, which opens the application in Adobe AIR.
Last updated 5/24/2011 ADOBE AIR ADMINISTRATOR’S GUIDE 2 AIR Administrator’s Guide Overview
• HTML and SWF files used by the application. (Each AIR application is built using at least one HTML or SWF file). HTML and SWF files developed for Adobe AIR may contain APIs specific to AIR, which do not work in web browsers. • Other resources, such as images, style sheets, and other media, used by the application. AIR applications can access the local file system, and they can write files (of any type) to directories for which the user has write privilege. Each AIR application is signed, and an installed application cannot run if any files in the installed application directory do not match the application’s signature.
Network protocols used Adobe AIR applications can use the following network protocols: • HTTP • HTTPS • RTMP (Real Time Messaging Protocol)—a proprietary protocol used with Flash Media Server to stream audio and video over the web. The default connection port is 1935. • RTMPT—RTMP tunneling via HTTP. The default connection port is 80. • RTMPS—RTMP tunneling via HTTPS. The default connection port is 443. (For more information about using the RTMP protocols, see HTTP Tunneling Protocols.) • TCP/IP—Transmission Control Protocol/Internet Protocol • UDP—User Datagram Protocol • FTP—File Transfer Protocol • SMB—Server Message Block. SMB is a message format used by DOS and Windows to share files, directories, and devices. AIR applications can access files from remote SMB shares. • SSL—Secure Sockets Layer • TLS—Transport Layer Security
Adobe AIR installation
Users with administrative rights for a computer can download and install Adobe AIR, which is available at http://get.adobe.com/air. Adobe AIR is supported on: • Microsoft Windows • Mac OS X • Linux The user needs to have administrative privileges to install the runtime. Complete system requirements are listed at Adobe AIR system requirements.
Last updated 5/24/2011 ADOBE AIR ADMINISTRATOR’S GUIDE 3 AIR Administrator’s Guide Overview
Removing AIR Once you have installed the runtime, you can remove it using the following procedures. On a Windows computer: 1 In the Windows Start menu, select Settings > Control Panel. 2 Select the Add or Remove Programs control panel. 3 Select “Adobe AIR” to remove the runtime. 4 Click the Change/Remove button. On a Mac computer: • Double-click the Adobe AIR Uninstaller, which is located in the /Applications/Utilities folder. The user needs to have administrative privileges to remove the runtime. On Linux, do one of the following: • Select the “Adobe AIR Uninstaller” command from the Applications menu.
• Run the AIR installer binary with the -uninstall option.
• Remove the AIR packages (adobeairv.n and adobecerts) with your package manager.
Updating AIR If an AIR application requires an updated version of Adobe AIR (the runtime), the new runtime version is installed when the AIR application is installed. To update the runtime, a user must have administrative privileges for the computer.
Adobe AIR redistribution Adobe provides the runtime for distributing Adobe AIR on individual systems, on an intranet, or in an enterprise environment. For more information, see the following: • Adobe® AIR™ Runtime Distribution • Adobe® AIR™ Runtime Distribution FAQ
Installing, updating, and removing AIR applications AIR applications are deployed as AIR files. See “Data formats used” on page 1. Users can install updates in two ways: • Download the AIR file for the application (or copy it in some other way) and run it (for example, by double-clicking it). Adobe AIR must already be installed. • In a web page (in a browser), click a seamless install link for the application. Adobe AIR lets developers install applications via a link (or other user interface element) in a SWF file embedded in a web page. If Adobe AIR is not already installed, it is installed, with the user’s approval as the application is installed. In either case, if a different version of the application is already installed, the AIR application installer asks the user if they want to update to the new version. If an updated version of Adobe AIR is required, the updated version is automatically installed. By default, each AIR application is installed in a unique subdirectory of the system-wide programs directory (such as c:\Program Files\MyAIRApp on Windows and /Applications/MyAIRApp on Mac OS.)
Last updated 5/24/2011 ADOBE AIR ADMINISTRATOR’S GUIDE 4 AIR Administrator’s Guide Overview
On Mac OS, to install or update an AIR application, the user needs to have adequate system privileges to install to the application directory (and administrative privileges if the application needs to update the runtime). On Windows, a user needs to have administrative privileges. Once an AIR application is installed, it can update itself (if the developer has added code to do so). IT administrators can install Adobe AIR and AIR applications silently using standard desktop deployment tools. (See the next section, “Enterprise deployment” on page 4.) IT administrators can prevent AIR application installation and Adobe AIR updates. (See “Adobe AIR configuration” on page 5.) Adobe AIR currently does not support GPO or MSI for Adobe AIR or application installation.
Enterprise deployment IT administrators can install Adobe AIR and AIR applications silently using standard desktop deployment tools. IT administrators can deploy the following: • Silently install Adobe AIR using tools such as Microsoft SMS, IBM Tivoli, or any deployment tool that allows silent installations that use a bootstrapper • Silently install the AIR application using the same tools used to deploy the runtime IT admins are able to control the following as part of deployment: • Suppress the display of the Adobe AIR end-user license agreement Only IT administrators can suppress the Adobe AIR end-user license agreement display and only after accepting the terms and conditions on the organization's behalf. • Specify the application installation location • Specify whether the application's program menu or shortcut appears on end-users desktop Organizations need to obtain redistribution agreement from Adobe. For more information, see: • Adobe® AIR™ Runtime Distribution • Adobe® AIR™ Runtime Distribution FAQ IT administrators in conjunction with the AIR configuration parameter can further tune the runtime.
Installation logs Installation logs are recorded when either Adobe AIR itself or an AIR application is installed. You can examine the log files to help determine the cause of any installation problems that occur. The log files are created in the following locations:
• Mac: the standard system log (/private/var/log/system.log)
• Windows XP: C:\Documents and Settings\
• Windows Vista, Windows 7: C:\Users\
• Linux: /home/
Last updated 5/24/2011 ADOBE AIR ADMINISTRATOR’S GUIDE 5 AIR Administrator’s Guide Overview
Adobe AIR configuration
Administrators can apply the following configuration settings for Adobe AIR running on Windows: • Preventing installation of AIR applications • Preventing installation of untrusted AIR applications • Disabling automatic updates of Adobe AIR updates These settings are intended for use only within a closed environment, such as an enterprise where an IT administrator controls the end-users systems. These settings cannot be used as part of a native installer for distribution in an open environment. On both Windows and Mac OS, there are administrative settings for SWF content loaded into Adobe AIR from external sources (outside the application).
Preventing installation of AIR applications On Windows, add a DWORD value named AppInstallDisabled to the HKey_Local_Machine\Software\Policies\Adobe\AIR registry key, and set the value to 1. On Linux, modify the AppInstallDisabled setting in the globalRuntime.conf configuration file in /etc/opt/Adobe\ AIR/. For example, set AppInstallDisabled=1 to prevent installation of AIR applications. If no setting is present or if the value is set to 0, installation of AIR applications is allowed. However, users still need system privileges to install to the application’s destination directory. Also, if system policy prohibits installation via Windows Installer (MSI), that policy is also respected by AIR. Even if installation of AIR applications is allowed, the following restrictions are observed: • On Mac OS and Linux, to install or update an application, the user needs to have adequate system privileges to install to the application directory (and administrative privileges if the application needs to update Adobe AIR). • On Windows, a user needs to have administrative privileges.
Preventing installation of untrusted AIR applications On Windows, add a DWORD value named UntrustedAppInstallDisabled to the HKey_Local_Machine\Software\Policies\Adobe\AIR registry key, and set the value to 1. On Linux, modify the UntrustedAppInstallDisabled setting in the globalRuntime.conf configuration file in /etc/opt/Adobe\ AIR/. For example, set UntrustedAppInstallDisabled=1 to prevent installation of untrusted AIR applications. If no setting is present or if the value is set to 0, installation of untrusted AIR applications is allowed. However, users still need system privileges to install to the application’s destination directory. An AIR application is trusted when it has been signed with a certificate that is trusted, or which chains to a certificate that is trusted on the installation computer. For more information, see “Code signing” in the Adobe AIR Security white paper.
Preventing automatic updates to Adobe AIR On Windows, add a DWORD value named UpdateDisabled to the HKey_Local_Machine\Software\Policies\Adobe\AIR registry key, and set the value to 1.
Last updated 5/24/2011 ADOBE AIR ADMINISTRATOR’S GUIDE 6 AIR Administrator’s Guide Overview
On Linux, modify the UpdateDisabled setting in the globalRuntime.conf configuration file in /etc/opt/Adobe\ AIR/. For example, set UpdateDisabled=1 to prevent automatic updates of Adobe AIR. On Mac OS, create a file named updateDisabled in the /Users/
Settings for SWF content loaded externally AIR applications can load SWF content and HTML content loaded from outside the application (for example, from a web URL or from a directory). Content loaded from outside the application observes the same security rules as content loaded in a web browser. For example, such content cannot call AIR APIs that provide access to the local file system. Flash Player configuration files apply to SWF content loaded from outside the applications. For information on these settings, see the Adobe Flash Player Administration Guide.
Group Policy Objects (GPO) Adobe AIR currently does not support Group Policy Objects (GPOs). To be notified when this option becomes available send e-mail to [email protected].
Last updated 5/24/2011